Summary of password strength discussion

Lars Seipel lars.seipel at
Mon Jul 27 18:43:21 UTC 2015

On Mon, Jul 27, 2015 at 11:19:41AM -0600, Chris Murphy wrote:
> Why is password quality being targeted rather than the number of ssh
> attempts being set to e.g. 3 per minute, by default? And does this
> sufficiently mitigate the concern, and if not, why not?

Restricting login attempts means that now even the most naïve kind of
attack can lock me out of my machine. You know, the really stupid
attacks that rain down on almost any internet host in gigantic numbers
but are effectively countered by using anything but the most trivial of

More information about the desktop mailing list